SQL Injection Attacks Detection & Prevention Techniques

Gülsüm Yiğit and Merve Arnavutoğlu

Abstract—Abstract—SQL Injection Attack (SQLIA) is a type of code injection technique that threatens confidentiality, integrity, and availability of web databases. The attacker mostly exploits incorrectly filtered user inputs such as text fields in web applications and tries to insert malicious SQL statements into a legitimate query via the vulnerable user input. By doing so, the attacker can access, insert, modify, or delete critical information in a database without proper authorization. In this survey, we describe and categorize types of SQLIA, and analyze existing detection and prevention techniques against such attacks.

Index Terms—Index Terms—SQL injection, attacks, cyber security.

Gülsüm Yiğit and Merve Arnavutoglu are with the Electronics and Computer Engineering Department, University of Gaziantep, Turkey (e-mail: gulsmyigit@gmail.com, merve.arnavutoglu@gmail.com).